Automatic Defect Categorization Thung, F.; Lo, D.; Lingxiao Jiang
2012 19th Working Conference on Reverse Engineering,
2012-Oct.
Conference Proceeding
Odprti dostop
Defects are prevalent in software systems. In order to understand defects better, industry practitioners often categorize bugs into various types. One common kind of categorization is the IBM's ...Orthogonal Defect Classification (ODC). ODC proposes various orthogonal classification of defects based on much information about the defects, such as the symptoms and semantics of the defects, the root cause analysis of the defects, and many more. With these category labels, developers can better perform post-mortem analysis to find out what the common characteristics of the defects that plague a particular software project are. Albeit the benefits of having these categories, for many software systems, these category labels are often missing. To address this problem, we propose a text mining solution that can categorize defects into various types by analyzing both texts from bug reports and code features from bug fixes. To this end, we have manually analyzed the data about 500 defects from three software systems, and classified them according to ODC. In addition, we propose a classification-based approach that can automatically classify defects into three super-categories that are comprised of ODC categories: control and data flow, structural, and non-functional. Our empirical evaluation shows that the automatic classification approach is able to label defects with an average accuracy of 77.8% by using the SVM multiclass classification algorithm.
A Survey on Chip to System Reverse Engineering Quadir, Shahed E.; Chen, Junlin; Forte, Domenic ...
ACM journal on emerging technologies in computing systems,
12/2016, Letnik:
13, Številka:
1
Journal Article
Recenzirano
The reverse engineering (RE) of electronic chips and systems can be used with honest and dishonest intentions. To inhibit RE for those with dishonest intentions (e.g., piracy and counterfeiting), it ...is important that the community is aware of the state-of-the-art capabilities available to attackers today. In this article, we will be presenting a survey of RE and anti-RE techniques on the chip, board, and system levels. We also highlight the current challenges and limitations of anti-RE and the research needed to overcome them. This survey should be of interest to both governmental and industrial bodies whose critical systems and intellectual property (IP) require protection from foreign enemies and counterfeiters who possess advanced RE capabilities.
Reverse Engineering (RE) is a long-term goal of engineering and computer science; it aims at the reconstruction of CAD models from measured data by means of 3D mathematical surfaces and geometrical ...features representing the geometry of a physical part. In the last two decades, reviews and surveys have occasionally covered this topic, but a systematic dissertation of modeling methods from a mechanical engineering point of view is still missing. The purpose of this paper is to fill this gap; starting from a general description of the overall RE framework (acquisition, segmentation, classification, fitting), both an up-to-date survey and a categorization of available modeling techniques and tools working on 3D data are provided. The main aspects of various strategies are discussed as well, in order to highlight strengths and weaknesses characterizing different approaches. Moreover, an overview of commercial software for RE is presented, considering both dedicated solutions and packages supplied as add-on with 'traditional' CAD systems. Finally, possible improvements to be addressed by the research in the RE field are discussed, outlining potential future trends that are still to be investigated.
On Reverse Engineering-Based Hardware Trojan Detection Chongxi Bao; Forte, Domenic; Srivastava, Ankur
IEEE transactions on computer-aided design of integrated circuits and systems,
2016-Jan., 2016-1-00, 20160101, Letnik:
35, Številka:
1
Journal Article
Recenzirano
Due to design and fabrication outsourcing to foundries, the problem of malicious modifications to integrated circuits (ICs), also known as hardware Trojans (HTs), has attracted attention in academia ...as well as industry. To reduce the risks associated with Trojans, researchers have proposed different approaches to detect them. Among these approaches, test-time detection approaches have drawn the greatest attention. Many test-time approaches assume the existence of a Trojan-free (TF) chip/model also known as "golden model." Prior works suggest using reverse engineering (RE) to identify such TF ICs for the golden model. However, they did not state how to do this efficiently. In fact, RE is a very costly process which consumes lots of time and intensive manual effort. It is also very error prone. In this paper, we propose an innovative and robust RE scheme to identify the TF ICs. We reformulate the Trojan-detection problem as clustering problem. We then adapt a widely used machine learning method, {K} -means clustering, to solve our problem. Simulation results using state-of-the-art tools on several publicly available circuits show that the proposed approach can detect HTs with high accuracy rate. A comparison of this approach with our previously proposed approach 1 is also conducted. Both the limitations and application scenarios of the two methods are discussed in detail.
With wide deployment of machine learning (ML)-based systems for a variety of applications including medical, military, automotive, genomic, multimedia, and social networking, there is great potential ...for damage from adversarial learning (AL) attacks. In this article, we provide a contemporary survey of AL, focused particularly on defenses against attacks on deep neural network classifiers. After introducing relevant terminology and the goals and range of possible knowledge of both attackers and defenders, we survey recent work on test-time evasion (TTE), data poisoning (DP), backdoor DP, and reverse engineering (RE) attacks and particularly defenses against the same. In so doing, we distinguish robust classification from anomaly detection (AD), unsupervised from supervised, and statistical hypothesis-based defenses from ones that do not have an explicit null (no attack) hypothesis. We also consider several scenarios for detecting backdoors. We provide a technical assessment for reviewed works, including identifying any issues/limitations, required hyperparameters, needed computational complexity, as well as the performance measures evaluated and the obtained quality. We then delve deeper, providing novel insights that challenge conventional AL wisdom and that target unresolved issues, including: robust classification versus AD as a defense strategy; the belief that attack success increases with attack strength, which ignores susceptibility to AD; small perturbations for TTE attacks: a fallacy or a requirement; validity of the universal assumption that a TTE attacker knows the ground-truth class for the example to be attacked; black, gray, or white-box attacks as the standard for defense evaluation; and susceptibility of query-based RE to an AD defense. We also discuss attacks on the privacy of training data. We then present benchmark comparisons of several defenses against TTE, RE, and backdoor DP attacks on images. The article concludes with a discussion of continuing research directions, including the supreme challenge of detecting attacks whose goal is not to alter classification decisions, but rather simply to embed, without detection, "fake news" or other false content.
An overwhelming diversity of colloidal building blocks with distinct sizes, materials and tunable interaction potentials are now available for colloidal self-assembly. The application space for ...materials composed of these building blocks is vast. To make progress in the rational design of new self-assembled materials, it is desirable to guide the experimental synthesis efforts by computational modelling. Here, we discuss computer simulation methods and strategies used for the design of soft materials created through bottom-up self-assembly of colloids and nanoparticles. We describe simulation techniques for investigating the self-assembly behaviour of colloidal suspensions, including crystal structure prediction methods, phase diagram calculations and enhanced sampling techniques, as well as their limitations. We also discuss the recent surge of interest in machine learning and reverse-engineering methods. Although their implementation in the colloidal realm is still in its infancy, we anticipate that these data-science tools offer new paradigms in understanding, predicting and (inverse) design of novel colloidal materials.This Review provides an overview of computational tools and strategies, from simulation methods to machine learning and reverse-engineering approaches, used for the design of soft materials made from self-assembling colloids and nanoparticles.
We present a convex geometry perspective to the effective field theory (EFT) parameter space. We show that the second s derivatives of the forward EFT amplitudes form a convex cone, whose extremal ...rays are closely connected with states in the UV theory. For tree-level UV completions, these rays are simply theories with all UV particles living in at most one irreducible representation of the symmetries of the theory. In addition, all the extremal rays are determined by the symmetries and can be systematically identified via group theoretical considerations. The implications are twofold. First, geometric information encoded in the EFT space can help reconstruct the UV completion. In particular, we will show that the dim-8 operators are important in reverse engineering the UV physics from the standard model EFT and, thus, deserve more theoretical and experimental investigations. Second, theoretical bounds on the Wilson coefficients can be obtained by identifying the boundaries of the cone and are, in general, stronger than the current positivity bounds. We show explicit examples of these new bounds and demonstrate that they originate from the scattering amplitudes corresponding to entangled states.
The paper presents one of the possible solutions of the reverse engineering problem from the point of view of the classical system approach, as well as highlights the direction for the development of ...a complex software product. This approach will make it possible to change the modern practice of reverse engineering, which is applied everywhere. This practice requires expert evaluation by operator teams on non-acceptance basis. The approach proposed by the authors will significantly minimize human participation in this process.
Android users install various apps, such as banking apps, on their smart devices dealing with user‐sensitive information. The Android framework, via Inter‐Component Communication (ICC) mechanism, ...ensures that app components (inside the same app or on different apps) can communicate. The literature works have shown that this mechanism can cause security issues, such as app security policy violations, especially in the case of Inter‐App Communication (IAC). Despite the plethora of research on detecting security issues in IAC, detection techniques face fundamental ICC challenges for improving the precision of static analysis. Challenges include providing comprehensive and scalable modeling of app specification, capturing all potential ICC paths, and enabling more effective IAC analysis. To overcome such challenges, in this paper, we propose a framework called VAnDroid2, as an extension of our previous work, to address the security issues in multiple components at both intra‐ and inter‐app analysis levels. VAnDroid2, based on Model‐Driven Reverse Engineering, has extended our previous work as per following: (1) providing a comprehensive Intermediate Representation (IR) of the app which supports extracting all the ICC information from the app, (2) extracting high‐level representations of the apps and their interactions by omitting the details that are not relevant to inter‐app security analysis, and (3) enabling more effective IAC security analysis. This framework is implemented as an Eclipse‐based tool. The results of evaluating VAnDroid2 w.r.t. correctness, scalability, and run‐time performance, and comparing with state‐of‐the‐art analysis tools well indicate that VAnDroid2 is a promising framework in the field of Android inter‐app security analysis.
Software obfuscation has always been a controversially discussed research area. While theoretical results indicate that provably secure obfuscation in general is impossible, its widespread ...application in malware and commercial software shows that it is nevertheless popular in practice. Still, it remains largely unexplored to what extent today's software obfuscations keep up with state-of-the-art code analysis and where we stand in the arms race between software developers and code analysts. The main goal of this survey is to analyze the effectiveness of different classes of software obfuscation against the continuously improving deobfuscation techniques and off-the-shelf code analysis tools. The answer very much depends on the goals of the analyst and the available resources. On the one hand, many forms of lightweight static analysis have difficulties with even basic obfuscation schemes, which explains the unbroken popularity of obfuscation among malware writers. On the other hand, more expensive analysis techniques, in particular when used interactively by a human analyst, can easily defeat many obfuscations. As a result, software obfuscation for the purpose of intellectual property protection remains highly challenging.